HIPAA home page | Guidance (FAQ) | Working@Yale article

Can You Keep A Secret?
HIPAA Privacy and You

Notice of Privacy Practices

Last spring, much of the Yale community was on HIPAA high alert and many of us were concerned what our daily lives would be like after the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA) came into effect. I’m pleased to say that patients are still receiving excellent care at Yale and that the panic appears to have subsided. Now that we’ve all had some time to adjust, it is useful revisit the concepts of HIPAA and its implementation. This is the first of a series of articles to address some of the questions that have come up regarding patient privacy since April 14, 2003. We’ll start with common questions on one of the most visible aspects of HIPAA, the Notice of Privacy Practices (NOPP).

“I received your privacy notice and would like to sign up for these protections.”
The NOPP provides information to patients on how we protect the privacy of their health information. It outlines their rights with respect to their own health information and the ways in which their health information can be shared. It is not a special program that patients must “sign-up” for. The NOPP describes our standard procedures under HIPAA. Whether or not the patient’s sign the acknowledgement, we are still required to abide by the promises made in the NOPP.

“I just received this Notice of Privacy Practices, do I have to sign it?”
No. A patient is not required to sign the acknowledgement of receipt of the NOPP. We are required to provide patients with the NOPP so that they are aware of our privacy policies and to document our efforts to do so. The signature is only to indicate that the patient received the form, and does not involve the patient agreeing to our policies. If a patient does not want to sign, we can just note the reason on the acknowledgement page.

“I don’t want you to give out my information to all the groups listed in the NOPP so can I cross off some of the categories and send it back?”
No. The NOPP reflects Yale’s policies regarding patient privacy and outlines when we may share information without asking the patient for their authorization to do so. It is not possible for us to individually tailor the sharing of health information on a patient by patient basis. The NOPP shows the manner in which health information will be shared for us to provide proper patient care, receive payment for that care or to meet other requirements such as infectious disease reporting to the state. However, we will only share the minimal amount of information needed to perform any of these tasks and will not share health information in ways not described in the NOPP.

“I’m in a research study and have signed a research informed consent and a research authorization. Do I have to sign this too?”
Yes and no. As described above, no patient is required to sign the NOPP acknowledgement. However, when a research study involves treatment of the individual, the NOPP applies and is in addition to research consent and authorization. Thus we are required to provide a NOPP to patients involved in clinical research.

Other questions on the NOPP?
If you08/19/2004r any other aspects of HIPAA you can contact the Privacy Office at hipaa@yale.edu or 436-3650. You can read our NOPP at http://www.hipaa.yale.edu/nopp/NOPP_YSM.pdf

What would you say?
Next month we will discuss a patient’s right to restrict access to their health information. How would you respond to the following: “I see in the NOPP that I can restrict access to my health information. How do I make sure that only Dr. Smith has access to my records?”

See next month’s article for this and other exciting HIPAA questions!

 

 

Top of page.
     
Yale University.  
HIPAA at Yale Home.